[PATCH 0/5] integrity: improve ima measurement accuracy
Janne Karhunen
janne.karhunen at gmail.com
Mon May 13 12:53:49 UTC 2019
By default the linux integrity subsystem measures a file only
when a file is being closed. While this certainly provides
low overhead as the re-measurements are never done, it also
makes sure the system has zero means to recover from a crash
or a power outage when operating in 'appraise' mode.
This patch series adds two new IMA api functions to retrigger
the measurements as the files change. Synchronous variant
should be invoked from less performance sensitive locations
such as sync|msync|truncate where the user is expecting some
latency, and the asynchronous variant can be called from
performance sensitive locations such as direct write or mmio.
Asynchronous variant is mostly 'out of the way' on write hot
paths, each file write is only checking that we have a cmwq
work entry pending to re-calculate the file measurement later
on. Re-measurement latencies are build time tunables and the
latencies are automatically raised for very large files.
While this does not provide absolutely perfect tolerance to
system resets, for most reasonable embedded system workloads
it can be tuned to achieve really high measurement accurancy
with the measurements being accurate 99.9%+ of the day.
Janne Karhunen (5):
integrity: keep the integrity state of open files up to date
integrity: update the file measurement on truncate
integrity: update the file measurement on write
integrity: measure the file on sync
integrity: measure the file on msync
fs/namei.c | 5 +-
fs/open.c | 3 +
fs/read_write.c | 11 ++-
fs/sync.c | 3 +
include/linux/ima.h | 12 +++
mm/msync.c | 7 ++
security/integrity/ima/Kconfig | 20 +++++
security/integrity/ima/ima_appraise.c | 6 +-
security/integrity/ima/ima_main.c | 103 +++++++++++++++++++++++++-
security/integrity/integrity.h | 6 ++
10 files changed, 171 insertions(+), 5 deletions(-)
--
2.17.1
More information about the Linux-security-module-archive
mailing list